Is Adobe Finally Taking Security Seriously?
Adobe has had its share of security problems lately -- I guess it shouldn't be a surprise that McAfee predicted Adobe would be a top target for hackers in 2010.
It's a reminder that no one is safe in today's environment. Adobe was safe and secure for such a long time, but in an Information Security article, Adobe's Brad Arkin was quoted:
There are definitely a lot of bad guys out there who make a living attacking software. … They started by attacking Microsoft, now they're attacking Adobe too. We're definitely in the spotlight.
Part of the problem has been Adobe's slow response to security flaws. Is that changing?
Last year Adobe created its Secure Product Lifecycle (SPLC), which, according to the Information Security article:
includes an 80-point security plan for every product, security training and certification for engineers, and a culture of security largely based on the company's training program, have yielded more secure products, he said. The company's four-tier training program, which launched in early 2009, begins with computer-based training, but to achieve the third level (a "brown belt") an engineer must create a project and finish it in six months, while the fourth level (a "black belt") requires coordination of brown-belt projects.
Also, Adobe's Product Security blog reported an accelerated security update, pushing updates to June 29 rather than waiting for the normal quarterly release on July 13.
Hopefully this is recognition on Adobe's part that the company plays an important function in many business operations and that increased security measures -- particularly quicker response times to flaws and vulnerabilities -- is vital.